Sunday, 29 June 2008

ICANN Gets Pwned: "ICANN gets pwnedBy Bruce Sterling June 29, 2008 | 10:34:32 AM(Holy cow.)(If these punk little Turkish guys are in there crowing, I wonder who else is in there -- and how long they've been there.)http://isc.sans.org/diary.html?storyid=4637 Link: SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc .In the past couple of days, reports have surfaced on the hijacking of the domains for ICANN and IANA attributed to the group NetDevilz. According to news articles, an ICANN spokesman stated they were unaware of the events. The total time for the redirection before the entry was corrected was about twenty minutes. However it will take 24 to 48 hours after the correction to ensure all the DNS entries are updated. In that time, users were redirected to a site that stated the follow:‘You think that you control the domains but you don’t! Everybody knows wrong. We control the domains including ICANN! Don’t you believe us? haha :) (Lovable Turkish hackers group)’What triggered the changing of the DNS entries has not been disclosed that I have found. Dancho Danchev's blog shows an email address listed in the updated records and note the email address in the entry called 'foricann1230@gmail.com' as well as the date they were updated as June 26. Regardless of how it happened (though I'm sure everyone would like to know) there is a big concern here. Nothing on the internet is safe and if this can happen to these folks, it can happen to anyone.... (and maybe it already has, in which case they better run to their national government and get some retroactive law enacted.)"

Here is Fuller's sketch for the US Pavilion at the 1967 International and Universal Exposition in Montreal. It was one of almost 100 pavilions at Expo 67 — and one of Fuller's later projects — but he maintained his trademark style, and love for, geodesic domes. A small train passed through the pavilion, and the interior was devoted to the effective use of creative energy. It is currently a museum dedicated to water and the environment called The Biosphere of Environment Canada.

Todd Bishop is republishing a few gems from the archive of Bill Gates’s email messages that were turned over during various lawsuits against Microsoft. Here’s one from 2003, where he excoriates the experience of downloading and installing Windows Movie Maker:

So I gave up and sent mail to Amir saying - where is this Moviemaker download? Does it exist?

So they told me that using the download page to download something was not something they anticipated.

Colonoscopy: "I had one at 11:20 this morning, and I’m sitting here typing this, and thinking about the results that’ve been coming in on Wide Finder 2, and I’d better donate to Aquamacs because release 1.4 is looking seriously cool, and just went out and photographed a couple of flowers. If you’re over fifty, you should get in line for one, because it’s just not that bad and it can save your life.The bad part is not the procedure itself, it’s the day before. Doctors like a clean workspace and so you have to drink four liters of this horrid concoction which leaves your innards clean; don’t go far from the bathroom. After the purging process, the next-worst is the 24 hours’ fast. The procedure itself, with me at least the anaesthetic was very deftly administered, I became alert about halfway through, long enough to enjoy (really) watching the video screen as they explored the landscape. In fact, they gave me a screen-grab picture and by running it here I could have out-goatse’d goatse but there are bounds of good taste even for a blogger.Oh, they inflate your intestine so they can look around, which causes a few minutes of cramps, but nature provides a way to solve that problem.Seriously; colon cancer kills a lot of people and the best way not to die from it is to catch it early. Go get a colonoscopy if you’re in the demographic, and pester your loved ones to do the same."

"RalphTheWonderLlama writes 'The trials of NebuAd by Charter Communications were halted after it gained the attention of Congressmen Ed Markey and Joe Barton. The online behavioral targeting system has been called 'a 'man-in-the-middle attack' and various other unflattering names' but would certainly be an easy way for an ISP to cash in on client profiling.' PaisteUser points out MSNBC's coverage as well, according to which the ad-insertion scheme was dropped because of 'concerns raised by customers.'

"coondoggie writes 'Canadian scientists are developing a 143-lb microsatellite to detect and track near-earth asteroids and comets, as well as satellites and space junk. The suitcase-sized Near Earth Object Surveillance Satellite includes a 6-inch diameter telescope, smaller than most amateur astronomers' scopes, that by being located 435 miles above the Earth's atmosphere will be able to detect moving asteroids delivering as few as 50 photons of light in a 100-second exposure. The NEOSSat will twist and turn hundreds of times each day, orbiting from pole to pole every 50 minutes almost always in sunlight. The telescope has a sunshade that allows searching the sky to within 45 degrees of the Sun, in order to detect near-Earth asteroids whose orbits are entirely inside Earth's.' The probe was announced a few days before the 100th anniversary of the Tunguska blast.

Friday, 20 June 2008

The storm that greeted revelations that BT and Phorm in the UK may well have broken the law when they tested a new "targeted ads" system on 10s of thousands of unsuspecting subscribers is mirrored over here in the USA:

An advertising system that eavesdrops on ISP customers' online behavior doesn't just sniff traffic, it injects fake packets into sites such as Google, according to a report released Wednesday by a net freedom group. That injection of JavaScript into other company's pages amounts to a browser hijack that violates core internet principles(Via Wired News.)

Regular readers will recall that when Safari for Windows shipped, I suggested Apple was likely looking to move its Mac OS X Cocoa development model into the Windows arena in order to broaden Cocoa’s visibility and adoption.

Over the last year, I’ve also outlined Apple’s efforts to starve Adobe’s Flash and AIR (and by [...]';

Daniel Eran Dilger

Regular readers will recall that when Safari for Windows shipped, I suggested Apple was likely looking to move its Mac OS X Cocoa development model into the Windows arena in order to broaden Cocoa’s visibility and adoption.

Over the last year, I’ve also outlined Apple’s efforts to starve Adobe’s Flash and AIR (and by extension, Microsoft’s me-too Flash plugin called Silverlight), at a time when pundits have insisted that Flash was a vital missing element on the iPhone and that Apple could/should/would be scrambling to port Flash to it. It might be a surprise to find that Apple’s air supply attack on Flash and its interest in dusting Windows with Cocoa are actually related.

It might also come as a surprise that Apple will soon release a suite of apps that will join QuickTime, iTunes, and Safari on the Windows platform. Like Apple’s existing Windows apps, the new ones will all put the Mac OS X user interface in front of millions of new users. Additionally, they will also advance Cocoa-style development in front of a much larger audience, because Apple is also giving away the frameworks it used to create those new apps.

Another surprise is that all those apps will also run cross platform on Linux. How will Apple do this? Not by shipping a large, cross platform Yellow Box runtime for various other operating systems as it attempted to do back in 1997.

Instead, Apple is refining Cocoa for deployment within the web browser to enable developers to build those so called “Rich Internet Applications” that Adobe wants users to build in Flash/Flex/AIR, Microsoft in Silverlight, Sun in Java, and so on.

Despite the marketing efforts of Adobe, Microsoft, Sun, and other RIA toolkit vendors to generate a level of RIA hype that echos the client Java excitement of the mid 90s or the thin client enthusiasm of the late 90s, RIAs haven’t really taken on the world by storm. Instead, Flash, Silverlight and other proprietary tools and their required runtime plugins are all still aiming at some future date when they can claim the status of being the platform monopoly in RIA development.

However, many of the most popular rich web apps today are from Google, including Maps, Reader, Docs, and Sheets. Google’s rich web apps take on Microsoft Office desktop apps without even needing Flash, Silverlight, or Java. Instead, Google simply uses open web standards: HTML, JavaScript, and CSS. If Google’s leading rich web apps avoid using those proprietary plugins, why should anyone else resort to using Flash or something similar?

Google’s frequent partner Apple has been thinking along the same lines, scrubbing its website of all unnecessary Flash elements and building everything in those same open web standards: HTML, JavaScript, and CSS.

The Challenge of Funding Open Tools Development.

One might think that all web developers would flock to free and open solutions rather than selling themselves into slavery to a propriety web-like platform such as Flash or Silverlight. After all, once they’re dependent upon those runtimes, the power will lie with Adobe and/or Microsoft and competitive pressures to improve those tools will dry up, just as Windows and Internet Explorer flatlined after reaching their monopoly critical mass.

Of course, one might also think that PC makers would embrace free and open Linux, but that largely hasn’t happened either, for many of the same reasons. The problem in both cases is that open web standards don’t directly make anyone rich. Nobody owns them, so as with Linux, nobody can make much of a business model out of investing development efforts into improving them… unless they do so indirectly or for indirectly strategic purposes, as RedHat and IBM do in profiting from sales Linux related services.

Indirect strategies explain why both Google and Apple share the same strong affinity for an open web, in contrast to more short sighted developers would would blindly shackle themselves to Flash or Silverlight simply because those tools might help them accomplish their immediate objectives without too much effort.

Google is investing in standards-based tools for web development because it wants an open Internet; Google needs an open web because it can’t compete and sell ads if Adobe or Microsoft infect the open web with proprietary Flash or Silverlight plugins and subsequently convert web content into opaque binaries instead of open HTML.

Apple doesn’t sell ads, it sells hardware. But if the web requires Flash or Silverlight to run, Adobe or Microsoft can either intentionally kill alternative platforms like the Mac (or Linux), or simply make them work so poorly due to their own incompetence that those platforms risk becoming non-viable. Adobe has already proven its incompetence in delivering Flash for the Mac (and really any platform outside of Windows), and I shouldn’t need to recap Microsoft’s historical readiness to destroy anything that isn’t Windows.

And so Google and Apple are bound together by different interests that happen to converge: Google wants the web open so it can sell ads, while Apple needs it open so it can sell hardware that browses the web well. Currently, the two companies are both working to achieve these goals in independent, often complementary ways.

Google’s API Inexperience.

Google introduced its Google Gears as a mechanism for beefing up rich web apps with offline storage. However, Google’s API development experience is really limited to exposing access to its web services such as Maps, Gmail, and others. Google Gears, Android, and the company’s other efforts to deliver significant new platform APIs are still unproven.

An an example, Google’s progress in delivering the Android SDK, while introduced back in November 2007, has been eclipsed by Apple’s iPhone SDK both in release cycles and in sophistication and polish since its debut in February 2008.

Another problem for Google is that it doesn’t have a large and committed user base. Google has contributed a lot code to the community, but that doesn’t mean that the community will necessarily use it.

The Apple of Your API.

In contrast, Apple has very strong and mature development tools and platform frameworks that have been proven in the marketplace for many years and are widely adopted in the markets Apple competes in.

Apple originated the first mainstream graphical platform with the Mac. That model subsequently served as the basis for Microsoft’s Windows, which grew into popularity as Apple lost itself in the conundrum of Copland in the early 90s.

Apple employees who left in the late 80s to form NeXT created the first mainstream object oriented platform frameworks, again establishing the standard that the rest of the industry would aspire to clone or use as a reference to develop upon. Apple and IBM’s Taligent, Sun’s Java, and Microsoft’s unfinished Cairo all intended to ship something that NeXT already had in production use among high profile clients.

After the remains of the old Apple acquired NeXT in 1996 and began work on Mac OS X, the company worked to continually develop and refine its desktop APIs using a unique philosophy that focuses upon:

enabling features

abstaining from developing unnecessary APIs

iterating over code to refine it

and delivering quality over quantity.

Apple’s emphasis on code quality and elegance in the API has allowed Apple to move faster than Microsoft over the last decade while also preventing Apple from having to painfully revisit major legacy problems resulting from sloppy coding and poor planning. That in turn has rebuilt Apple’s reputation in API development following its mid 90s Copland disaster.

Despite having a significant following of developers behind its desktop platform, Apple hasn’t begun resting on past performance. With the iPhone, Apple didn’t just directly port its desktop Cocoa API, but took the opportunity to refine and rethink how things should work given an entirely new set of circumstances and the opportunity to start fresh. As cited by the SproutCore blog from the Apple document “iPhone Getting Started Docs,”

“One of the biggest differences is the extensive use of properties throughout the UIKit class declarations. Properties were introduced to Mac OS X in version 10.5 and thus came along after the creation of many classes in the AppKit framework. Rather than simply mimic the same getter and setter methods in AppKit, UIKit employs properties as a way to simplify the class interfaces. For information about properties, see Properties in The Objective-C 2.0 Programming Language.”

The company is now pushing Cocoa-inspired development outside of Mac OS X and the iPhone to a broader scope: the web. Apple has already demonstrated its ability to deliver rich web applications with the kind of direct interaction and offline state features normally associated with desktop apps in .Mac Web Gallery, which debuted last fall. After experimenting with a variety of JavaScript framework helper tools to do this, Apple put its resources behind SproutCore.

That has not only allowed Apple to advance its own rich web apps using open web standards, but also to share SproutCore, its Cocoa-inspired, cross platform JavaScript frameworks, under an open source MIT license. That sharing will help provide an open alternative to Flash in the RIA space. SproutCore doesn’t compete against the use of Flash to make animated ads or navigation applets, but rather in deploying full, highly interactive applications, the target of Adobe’s Flash-based AIR platform plans.

One of the biggest announcements of WWDC was Mobile Me, a rebranding of .Mac that aligns it with the iPhone and cross platform users. Apple added a new web calendar and contacts, and a revised Mail and iDisk online file manager modeled after the Finder. The Gallery component of Mobile Me is an update of the existing .Mac version of Web Gallery, which was built using an earlier version of SproutCore.

The SproutCore JavaScript framework was developed outside of Apple by Charles Jolley, originally to create an online email manager called Mailroom. Apple hired Jolley as part of its .Mac team and collaborated to rapidly improve upon his framework.

SproutCore not only makes it easy to build real applications for the web using menus, toolbars, drag and drop support, and foreign language localization, but it also provides a full Model View Controller application stack like Rails (and Cocoa), with bindings, key value observing, and view controls. It also exposes the latent features of JavaScript, including late binding, closures, and lambda functions. Developers will also appreciate tools for code documentation generation, fixtures, and unit testing.

A key component of its clean MVC philosophy that roots SproutCore into Cocoa goodness is bindings, which allows developers to write JavaScript that automatically runs any time a property value changes. With bindings, very complex applications with highly consistent behavior can be created with very little “glue” code.

That makes SproutCore a light Cocoa alternative for deploying web apps that look and feel like Mac OS X desktop apps. At WWDC, Dr. Michael B Johnson of Pixar gave a lunchtime presentation where he pointed out that if you don’t need 64-bit addressing, multithreading, or other desktop-only features, it makes a lot of sense to deploy apps using the web.

But aren’t web apps awful? They historically have been, particularly in the days when every server response required a page load. The development of Ajax technologies, which allow the current page to draw new data from the server asynchronously in the background, has helped. Modern Ajax websites such as Flickr offer drag and drop features, and Google’s use of Ajax in its web apps has made them more desktop-like, but web apps are often well behind those designed for the desktop in terms of a usable interface.

SproutCore helps push things forward; it keeps rich interaction local within the user’s browser and supports offline functionality, making web apps behave more like desktop apps and less like the constantly reloading HTML pages that users dislike. They also look like desktop apps, and in particular can look like Mac OS X desktop apps.

The SproutCore framework also solves a lot of problems for web developers. It takes care of browser incompatibility issues to run cross-platform in Safari, Firefox, or Internet Explorer 6/7. It also makes it easy to leverage the fancy CSS features of modern browsers.

A Front End to WebObjects, WebDAV.

SproutCore also delivers the premise of thin client computing, where applications all run remotely from a back end server and therefore don’t need to be installed or managed on every client.

The disadvantage of thin client apps is that they have typically offered minimal functionality due to the weaknesses in thin platforms such as the web. SproutCore solves this by relying on modern web browser features, which are now sophisticated enough to enable thick client web apps.

SproutCore web apps also combine the power and flexibility of web services with the advantages of client-server computing, prompting Apple to refer to the new model as “web client - server.” In Mobile Me, its new web apps tie into web services vended by WebObjects and WebDAV servers, but anyone can build SproutCore web apps that tie into PHP or any other existing servers that offer up data in XML or JSON objects.

If you were waiting for the resurrection of Yellow Box or Cocoa for Windows, stop waiting and start coding. SproutCore brings the values of Leopard’s Cocoa to the web, domesticating JavaScript into a functional application platform with lots of free built-in support for desktop features.

Being based on open web standards and being open source itself means SproutCore will enable developers to develop cross platform applications without being tied to either a plugin architecture or its vendor.

Sitting on top of web standards will also make it easy for Apple and the community to push SproutCore ahead without worrying about incompatible changes to the underlying layers of Windows, a significant problem for the old Yellow Box or some new Cocoa analog. SproutCore also lives in a well known security context, preventing worries about unknown holes being opened up by a new runtime layer.

Make Apple SaaS.

All of this advances some interesting new potentials. Apple already has a silent lead in the consumer “Software as a Service” market with .Mac; While Google, Yahoo, and MSN have built models around pushing ads to fund their online mail, photos, and other applications, Apple has been quite unique in being actually able to sell its .Mac service to subscribers. Everybody wants to do what Apple is actually doing.

Mobile Me will retarget .Mac to also serve iPhone users, greatly widening its potential audience and putting Apple’s Mac OS X apps in front of a lot of Windows users. In the future, Apple will undoubtedly add new apps to its Mobile Me suite. Will it get into the online Office race with SproutCore versions of its iWork apps, available to both Mac and Windows users? How about an expanded Back to My Mac, with direct home file sharing and VNC Screen Sharing services available over the web?

And what about third parties? Surely there are enterprising developers who’d like to get in on the Mobile Me platform. Apple should consider hosting third party web apps, either bundled as part of the service (and making Mobile Me more valuable) or as additional apps users can subscribe to for a small additional cost. Imagine a Mobile Me version of QuickBooks that offered similar direct web access and mobile push sync with the iPhone.

Web developers have often found it rather impossible to sell their services, but Apple can solve this problem just as it is solving the same problem in mobile software. By offering the equivalent of an iPhone Apps Store within Mobile Me, Apple could create a viable subscription market for web apps and web services that worked like an extension of iTunes. In fact, Apple could add a WebKit view in iTunes and use it to display Mobile Me apps to a wide audience, tied right into iTunes for billing.

Of course, Apple doesn’t need the iTunes infrastructure to sell web apps, as it also has Safari for Windows and its apps also run in Firefox or Internet Explorer. If you thought the Apps Store was interesting, a market inside of Mobile Me should really get interesting.

With everyone clamoring over Facebook for offering Flash-like applets as a free service in the high turnover, profitless profile market, perhaps Apple’s ability to serve real applications and web services as a paid service to its highly loyal users who are driving record profits will get some attention, too.

Citibank ATM Server Allegedly Hacked, Leading to Cash Machine Crime Spree: "A computer intrusion into a Citibank server that processes ATM withdrawals led to two Brooklyn men making hundreds of fraudulent withdrawals from New York City cash machines in February, pocketing at least $750,000 in cash, according to federal prosecutors.The ATM crime spree is apparently the first to be publicly linked to the breach of a major U.S. bank's systems, experts say.'We've never heard of PINs coming out of the bank environment,' says Dan Clements, CEO of the fraud watchdog company CardCops, who monitors crime forums for stolen information.

Yuriy Ryabinin in a 2003 photo taken at a ham radio convention.Credit card and ATM PIN numbers show up often enough in underground trading, but they're invariably linked to social engineering tricks like phishing attacks, 'shoulder surfing' and fake PIN pads affixed to gas station pay-at-the-pump terminals.But if federal prosecutors are correct, the Citibank intrusion is an indication that even savvy consumers who guard their ATM cards and PIN codes can fall prey to the growing global cyber-crime trade.'That's really the gold, the debit cards and the PINs,' says Clements.Citibank denied to Wired.com's Threat Level that its systems were hacked. But the bank's representatives warned the FBI on February 1 that 'a Citibank server that processes ATM withdrawals at 7-Eleven convenience stores had been breached,' according to a sworn affidavit by FBI cyber-crime agent Albert Murray.Federal prosecutors in New York have charged 32-year-old Ukrainian immigrant Yuriy Ryabinin, aka Yuriy Rakushchynets, with access device fraud for allegedly using the stolen information to go on a cash-withdrawal spree. Ryabinin, who is allegedly an active member of underground credit card fraud forums, is not charged with the intrusion itself. He and a co-defendant 'received over the internet information related to Citibank customers, which information had previously been stolen from Citibank,' according to an indictment in the case. Also charged is 30-year-old Ivan Biltse, who allegedly made some of the withdrawals, and Angelina Kitaeva. Ryabinin's wife is charged with obstruction of justice in the investigation.In addition to looting Citibank accounts, Ryabinin is accused of participating in a global cyber crime feeding frenzy that tore into four specific iWire prepaid MasterCard accounts last fall. From September 30 to October 1 -- just two days -- the iWire accounts were hit with more than 9,000 actual and attempted withdrawals from ATM machines 'around the world,' according to Murray's affidavit, resulting in a staggering $5 million in losses.Ryabinin was allegedly responsible for more than $100,000 of the stolen iWire cash, which he pulled from Brooklyn ATMs. St. Louis-based First Bank, which issued the cards, declined to comment on the matter, citing the ongoing prosecution.At the time of the ATM capers, FBI and U.S. Secret Service agents had already been investigating Ryabinin for his alleged activities on eastern European carder forums.Ryabinin allegedly used the same ICQ chat account to conduct criminal business, and to participate in amateur radio websites. The feds compared photos of Ryabinin from some of the ham sites to video captured by ATM cameras in the New York Citibank and iWire withdrawals, and determined it was the same man -- right down to the tan jacket with dark-blue trim.When they raided Ryabinin's home, agents found his computer logged into a carding forum. They also found a magstripe writer, and $800,000 in cash, including $690,000 in garbage bags, shopping bags and boxes stashed in the bedroom closet. Another $99,000 in cash turned up in one of the safe deposit boxes rented by Ryabinin and his wife, Olena. Biltse was also found with $800,000 in cash.Ryabinin's wife told investigators that she witnessed her husband 'leave the couple's house with bundles of credit cards in rubber bands and return with large sums of cash,' a Secret Service affidavit reads.Notwithstanding the court documents, Citibank said in an e-mailed statement that it was not the source of the breach. 'There is no evidence that Citi servers were compromised in connection with this fraud,' the company wrote.Asked about Citibank's denial, a spokeswoman for the United States Attorneys Office for the Southern District of New York, which filed one of the criminal complaints in the case, said the office would not comment beyond what was in court documents.Citibank added that it does not hold customers responsible for fraudulent withdrawals, but would not disclose how many customers were affected. Spokesman Robert Julavits did say in an e-mail that 'Citibank has complied with all applicable notification requirements.' Under New York's Information Security Breach And Notification Act, companies must generally warn consumers of data breaches in the 'most expedient time possible.'The timing of the caper -- which prosecutors say began in October -- overlaps Citibank's previously-unexplained lowering of ATM withdrawal limits in New York last December.Citibank was taciturn at the time, when New Yorkers began noticing that their ATM withdrawal limits had been slashed in half. The bank told the New York Daily News that the move was a response to 'isolated fraudulent activity' in New York.In an earlier incident in 2006, Citibank put transaction holds on some Citi-branded MasterCard debit cards. In that case, the action was later linked to a breach at office-supply retailer OfficeMax. That intrusion remains unsolved.In the new case, the FBI affidavit says that Citibank knew by February 1 which accounts were leaked, but it left those accounts open while the fraud unfolded.'Citibank identified all of the account numbers involved in ATM withdrawals during the period that the server was compromised … and established a fraud alert system that notifies Citibank each time one of the compromised Citibank account numbers is used,' the affidavit reads.That language suggests that the attackers may not have had access to stored account numbers and PINs, but instead were tapping into transactions in real time to vacuum up PIN codes as they flew past."

Wednesday, 18 June 2008

From Wired magazine: In-car navigation systems with nagging voices have officially gone too far. IXs Research has developed a talking robotic teddy bear that not only gives you directions, it'll tell you when you've had too much to drink.

The prototype navi-bear features an alcohol-detection sensor embedded in its neck. If it catches a whiff of the one you had for the road, it'll ask, "You haven't been drinking, have you?" Accelerate too hard or brake too quickly and it yells, "Watch out!"

That would be enough to warrant tossing navi-bear straight out the window, but it's got one thing going for it -- not only does it tell you how to get where you're going, it points the way.

According to the U.S. distributor, KumoTek, Teddy Bear Robot incorporates a Fujitsu navigation system that provides voice guidance. TomTom already offers celebrity voices ranging from Mr. T ("I pity the fool who don't turn right!") to Dennis Hopper. But this is the first time anyone's had a teddy bear tell you where to go. Providing you don't tell it where to go first.

The prototype has six joints in its arms and neck so it can point the way and make gestures while giving you directions and screaming things like "Watch out!" Pat it on the head and it'll tell you where you are. It's even got optical sensors to remind you that it's dark and you should turn on your headlights.

KumoTek says the bear will be available in Japan soon, and the head of iXs Research says the company would like to offer robotic navigation systems "in other shapes and characters."

No word yet whether any of them will wag a finger in your face when you've had one too many or flip off that driver who cut you off.

Tuesday, 17 June 2008

Pimp My Datacenter: "snydeq writes 'InfoWorld has put together an in-depth, hands-on feature detailing the complete pimp-out makeover of Hawaii Institute of Geophysics' 1950s-era server room into a bona-fide 21st century datacenter equipped with 'some of the glitziest and most functional gear known to datacenter-building man.' The project — completed neither on time nor on budget — resulted in improved rack and cable management, more efficient cooling, higher security, and a wealth of remote management functionality to keep University of Hawaii IT staff from having to leave the beach to service glitches. Editorial coverage includes essential tips for completing a datacenter overhaul, video interviews, and deep-dive coverage of the technologies implemented, including state-of-the-art datacenter-planning software, power and cooling equipment, out-of-band management systems, physical security solutions, remote rebooting capabilities, and more.'(Via Slashdot.)

Comment On the grand list of things that Google cares, about killing penguins to save a few bucks ranks higher than making the world a greener place...

Google, like so many other companies, has given Mother Earth the big squeeze in a variety of ways. Some of its buildings run on solar power. Employees ride company-provided buses to work. And Google, along with Intel, backs the Climate Savers program, which tries to encourage companies and consumers to buy more efficient power supplies and to turn on the power-saving tools included with PCs.

That's all great, and not a day goes by without us celebrating Google as a leading corporate citizen. From our office in Mountain View, we always salute Larry and Sergey's party plane, as it comes in for landing at NASA Ames.But here's what Google is not doing to help mankind.The company claims to perform all kinds of magic to ensure that its data centers are the most energy-efficient computing houses around, saving Google millions of dollars per year on electricity. Yet the super-secretive ad broker continues to reveal precious little about these data center tweaks.If Google is actually successful at lowering power consumption, then the secrecy makes sense. It sees the tweaks as a competitive edge over companies such as Microsoft and Yahoo!, which also consume immense volumes of gear and power.At what point will Google decide that all service providers should have a chance to benefit from its knowledge for the betterment of mankind?You have Google and Intel spending a decent chunk of change on something like Climate Savers to effect industry-wide improvement in power savings. They're trying to convince other to take the high road for the sake of the children and the penguins.But, away from the microphones and TV cameras, Intel builds custom motherboards for Google. It's quite the special service, ensuring that Google has the lowest energy designs possible - a service not afforded to all customers.Google does on occasion share some information about its data center operations. This data usually comes from engineers Luiz Andre Barroso and Urs Hölzle.These guys love to talk about Google's failures - studies conducted around how often memory or disk drives go down. They even release some figures about how many failed systems Google sees and possible approaches for improving the life-span of data center gear. So, that's helpful, but it's not really Google's failures that we're after.Barroso's website does include a presentation (PDF) on power efficiency. For the most part, the paper covers Google's issues in broad terms, and there's almost no specific advice on how other companies can tweak their boxes to be more like Google's.Hölzle is not terribly helpful either. During a European press tour in 2006, he boasted that inefficient power supplies were "personally offensive". If he were really so upset about things like the state of bad power supplies, why doesn't he help out in those areas where he can by providing a roadmap for other service providers to follow to achieve ultimate Green Bliss?We know for a fact that folks at Microsoft and elsewhere would like to see all of the data center giants open up and share more information. But any grand revelation would require Google's cooperation, since it's viewed as the customized, all-star of the bunch with most of the juicy secrets.As it stands, few people outside Google have any clue if the company has really achieved energy gains through all of its bespoke work and research. Maybe that's why Google stays so secret about the inner-workings of the data centers. It's simply a quirky freak and has worth copying. Just best not to let the shareholders know that because the geeks like fiddling with stuff.Then again, Google might have poured serious genius into these things and have many ways to save millions of dollars and even more watts.Why not save the climate and the penguins by dishing the goods? Are you raging capitalists after all or the hippies with colored balls?(Via The Register.)

"The machine contained a combination of constituency and government information which should not have been held on it. The theft may mean the communities secretary has broken rules on the handling of restricted government information, the BBC has learned."

Monday, 16 June 2008

Dungeons & Dragons popularized the 20-sided die, but a 2,000-year-old Roman version was sold at auction five years ago.

Christie's, auctioneer to the rich and famous, sold a glass d20 from Roman times. It was included in a collection of other antiquities that sold in 2003. The markings on the die don't appear to be either Arabic or Roman numerals, but it's probably a safe bet that it was used in a game of chance. The auction catalog notes that several polyhedral dice are known from the Roman era, but remarks, " Modern scholarship has not yet established the game for which these dice were used."

I wonder - how do you say "critical hit" in Latin? (Ed. note: "maxima plaga")

The seller acquired this die from his father, who picked it up in the 1920s in Egypt. Sounds like the beginning of an Indiana Jones movie, doesn't it? (Via Wired News.)

Friday, 13 June 2008

Fear not. Escape hatch in place

The US Senate's Antitrust Subcommittee will investigate Yahoo!'s Ballmer-battling search tie-up with Google.

Yesterday, as Jerry Yang and company announced the death of talks with Microsoft, Google officially told the world it plans on serving ads to Yahoo!'s search engine in the US and Canada. And this sparked a a few words from Senator Herb Kohl, head of the Antitrust Subcommittee."We will closely examine the joint venture between Google and Yahoo announced today," his statement read. "This collaboration between two technology giants and direct competitors for Internet advertising and search services raises important competition concerns."The consequences for advertisers and consumers could be far-reaching and warrant careful review, and we plan to investigate the competitive and privacy implications of this deal further in the Antitrust Subcommittee."Of course, this is hardly surprising. And the AntiSubCommittee isn't the only one probing. But Google says it has things covered. "We have been in contact with regulators about this arrangement, and we expect to work closely with them to answer their questions about the transaction," the said company yesterday. "Ultimately we believe that the efficiencies of this agreement will help preserve competition."Even if regulators do approve the deal, it may not last. As eWeek noticed, Google slipped an escape clause into the agreement. If revenues fail to reach about $83m over a four month period, says a brand new SEC filing from Yahoo!, Google can bail after 10 months.Google can also bag the agreement if Yahoo! fails to maintain at least 50 per cent of the company's voting power - and that number jumps to 65 per cent in the event of a transaction with Microsoft, Time Warner, or News. Corp. If Yahoo! ownership changes hands over the next two years and the deal is terminated, it must fork over $250m to Larry and Serg - minus a few million here or there, depending on how successful the tie-up was.As Bloomberg reports, the money-minded folk at Merrill Lynch estimate that Google will make an extra 15 cents share on this Yahoo! pact over the next year.If regulators give the OK(Via The Register.)

A bloody big car. Also, human obsolescence imminent

American nuke boffins who have just fired up the world's first petaflop hypercomputer* are extremely excited, and contend that the machine may enable them to accurately simulate important segments of the human brain. Conceivably, the mighty 'Roadrunner' - as the computer is known - may exhibit capabilities verging on human cognition.… (Via The Register.)

Thursday, 12 June 2008

Any techies out there (those worth their salt), will already know of the BOFH, a sysadmin character, developed by Simon Travaglia, who has been a role model for a whole generation of sysadmins cursed with lusers, and who has spawned a whole sub-set of vocabulary for stressed and under pressure tech types. For those of you who've not yet had the pleasure, can I whole-heartedly recommend that you read the entire set of the series, starting here at The Register and be prepared to be rolling in the aisles...

"KentuckyFC writes 'A team of German computer scientists has developed a program that reproduces all the known forms of spit (spam over internet telephony) attack . Their plan is to make the spitting software available to computer security experts wanting to test antispit strategies. Developing these won't be easy. There are various antispit techniques such as white lists that allow only calls from predetermined callers, Turing tests such as audio CAPTCHAs that make a caller prove he or she is human and payment-at-risk services where the caller makes a small payment in advance and is refunded immediately if the receiver acknowledges the call as legitimate. But all have weaknesses say the researchers. The main difference between junk calls and junk email is that the email arrives at your mail server before you access it. This gives the server time to analyze its content and filter out the junk before it gets to you. Not so with internet telephony which is why radically different strategies are needed.' (Via Slashdot.)

Wednesday, 11 June 2008

The iPhone as money: "This week’s iPhone 3G news has Christopher Breen daydreaming of a future where the phone’s ability to know where it is and be able to purchase stuff based on location leads to new possibilities:

What prompts his examination are two iPhone features that, while currently considered merely convenient, have the potential to change the way we obtain information, goods, and services. Those two features are the iPhone’s new location and communications protocols—WiFi, EDGE/3G, cell-tower triangulation, and GPS—and the existing iTunes WiFi Music Store.

Specifically, there’s incredible power in a device that knows where it is and that can purchase stuff based on its location.

We already have an example of this power in the form of iPhone-friendly Starbucks outlets. Walk into such a Starbucks and a new Starbucks entry appears within the phone’s iTunes application. Tap it and you can learn what’s recently been played in the store and then purchase one of these tracks simply by tapping a Buy button.

So, let’s move beyond Starbucks and forward in time to capabilities the iPhone could add a little farther down the line.

You’re just blown into town for a business trip and you’d like to eat somewhere other than in the hotel’s restaurant. You and your iPhone leave the hotel and stroll down Main Street. Tap the iPhone’s Local button and a screen appears featuring Shopping, Services, Restaurants, and Entertainment entries. Tap Restaurants and every eating establishment within a mile appears. Choose a cuisine, find a place that sounds interesting, tap its name, and its menu appears—complete with the day’s specials. Tap Reservation and the iPhone tells you if there’s a wait for a table. Tick off the items on the menu that you’d like and tap Order. Head to the restaurant. As you walk in the door, your iPhone tells the receptionist that you’re there and ready to be seated at the table reserved for you. Moments after you sit down your cocktail is delivered as, later, is your dinner. When you’re ready to leave, get up and go, your iPhone has already paid.

Or…

It’s 11 a.m. and time for your coffee break. Leave the office and stroll the 14 steps to the café next door. Your iPhone vibrates and asks if you’d like the usual double-wet cappuccino. Of course you do, so you tap Yes. Within a minute your name is called and you have your caffeine-rich libation in hand. Again, no cash or credit card necessary because your iPhone automatically picked up the tab.

Or…

Clothes.

Groceries.

Books.

Electronics.

Whatever.

The benefits to just about everyone save restaurant servers and retail clerks is obvious. Customers can learn about inventory and pricing before walking into a store, they can obtain what they want with ease, and they needn’t stand in line to pay for their purchases.

And Apple? How’s a penny a transaction sound? Put enough iPhones in pockets, establish and distribute the infrastructure to retail (with, of course, the promise of Minority Report-style push advertising), and Apple could be as successful in the financial space as it is in the music market.

Google's Brin Books a Space Flight: "coondoggie writes 'Google largely conquered the Earth — now it is taking aim at space. At least co-founder Sergei Brin is. Brin today said he put down $5 million toward a flight to the International Space Station in 2011. Brin's space travel will be brokered by Space Adventures, the space outfit that sent billionaire software developer Charles Simonyi to the station in 2007. Computer game developer (and son of a former NASA astronaut) Richard Garriott is currently planning a mission to the International Space Station (ISS) in October 2008. Garriott is paying at least $30 million to launch toward the space station aboard a Russian Soyuz spaceship according to Space Adventures.' Make sure to wave when you are over Michigan, man. I'll be the one on my lawn, green with envy. (Via Slashdot.)

35 Articles of Impeachment Introduced Against Bush: "vsync64 writes 'Last night, Congressman Dennis Kucinich (D-OH) spent 4 hours reading into the Congressional Record 35 articles of impeachment against George W. Bush. Interestingly, those articles (63-page PDF via Coral CDN) include not just complaints about signing statements and the war in Iraq, but also charges that the President 'Sp[ied] on American Citizens, Without a Court-Ordered Warrant, in Violation of the Law and the Fourth Amendment,' 'Direct[ed] Telecommunications Companies to Create an Illegal and Unconstitutional Database of the Private Telephone Numbers and Emails of American Citizens,' and 'Tamper[ed] with Free and Fair Elections.' These are issues near and dear to the hearts of many here, so it's worth discussing. What little mainstream media coverage there is tends to be brief (USA Today, CBS News, UPI, AP, Reuters).' The (Democratic) House leadership has said that the idea of impeachment is 'off the table.' The Judiciary Committee has not acted on articles of impeachment against Vice President Cheney introduced by Kucinich a year ago. (Via Slashdot.)

New Opt-Out Clause Makes CAN-SPAM Worse: "snydeq writes 'Three years of mulling, and the FTC has made the CAN-SPAM Act worse, writes Gripe Line's Ed Foster. Chief among the offenses in the FTC's updated rules is an even worse approach to opt-out procedures. In the future, in scenarios where multiple marketers use a single email message to spam you, 'only one of the senders — the one in the From: field — need be designated the official sender who is responsible for honoring opt-outs,' Foster writes. Translation? 'Other 'marketers' who used that spam message, not to mention the spamming service that actually provided the email address list, don't need to honor opt-outs. So try as you might to get yourself off a list, the real spammer can just keep changing the designated sender in the From: field and legally keep on spamming you.' The irony of the CAN-SPAM moniker gets thicker.'(Via Slashdot.)

The Atlantic Monthly's Nicholas Carr is worried that his increasing reliance on the internet for research and other information has made him stupid:

What the Net seems to be doing is chipping away my capacity for concentration and contemplation. My mind now expects to take in information the way the Net distributes it: in a swiftly moving stream of particles. Once I was a scuba diver in the sea of words. Now I zip along the surface like a guy on a Jet Ski.

The article dives deep into many perceived effects of the internet, bolstering his argument with anecdotes about other technologies, like the printing press, and their very real influence on the way we think. Ultimately Carr concedes that, while the internet's influence will very likely have a profoundly positive effect on some aspects of our lives, it may have a dumbing-down effect in what we currently look at as independent thought and intelligence. It's a little doomsday, but also a great read, so let's whether or not you feel Google's making you dumber in the comments.

Bacteria Make Major Evolutionary Shift In the Lab: "Auxbuss sends us to New Scientist for news sure to perplex and confound creationists: scientists have watched a new, complex evolutionary trait develop in the lab. 'A major evolutionary innovation has unfurled right in front of researchers' eyes. It's the first time evolution has been caught in the act of making such a rare and complex new trait. And because the species in question is a bacterium, scientists have been able to replay history to show how this evolutionary novelty grew from the accumulation of unpredictable, chance events.(Via Slashdot.)

Monday, 9 June 2008

McCain's Ties to Telecoms Questioned After Wiretapping Flip-Flop: "Telecom lobbyists, current and former, hold some prominent spots in Republican presidential hopeful John McCain's campaign. After a week of flip-flopping on the legality of warrantless wiretapping, a civil liberties group that is suing AT&T for allegedly spying on Americans is asking what that might mean."

Sunday, 8 June 2008

Risks Digest 25.19: "Date: Thu, 5 Jun 2008 17:47:22 -0400 (EDT) From: David Lesher Subject: Control-Alt-SCRAM; update reboots nuke plant Brian Krebs, *The Washington Post*, 5 Jun 2008 A nuclear power plant in Georgia was recently forced into an emergency shutdown for 48 hours after a software update was installed on a single computer. The incident occurred on March 7 at Unit 2 of the Hatch nuclear power plant near Baxley, Georgia. The trouble started after an engineer from Southern Company, which manages the technology operations for the plant, installed a software update on a computer operating on the plant's business network. The computer in question was used to monitor chemical and diagnostic data from one of the facility's primary control systems, and the software update was designed to synchronize data on both systems. According to a report filed with the Nuclear Regulatory Commission, when the updated computer rebooted, it reset the data on the control system, causing safety systems to errantly interpret the lack of data as a drop in water reservoirs that cool the plant's radioactive nuclear fuel rods. As a result, automated safety systems at the plant triggered a shutdown. ... ------------------------------ Date: Fri, 6 Jun 2008 18:53:02 -0700 From: Paul Saffo Subject: Sensor error caused $1.4 bill B2 crash! [ouch! Reminds me of an early error with the Airbus fly-by-wire system that ended up with a controlled flight into terrain bec of a computer problem. -p] Forgotten Lesson Caused B-2 Crash, 6 Jun 2008 David A. Fulghum/Aerospace Daily & Defense Report Crews and maintainers never formally recorded information on a vulnerability involving the B-2's air pressure sensors and the simple workaround crews came up with to mitigate it, a crucial omission that set the stage for a Feb. 23 B-2 crash in Guam. Aircrews and maintenance teams learned about the sensors' susceptibility to moisture during a Guam deployment in 2006. They also discovered that turning on the 500-degree pitot heat would quickly evaporate the water and the flight computer would receive normal readings. But the information was not formally 'captured' in maintenance or lessons-learned publications, said Maj. Gen. Floyd Carpenter, president of the accident investigation board and vice commander of 8th Air Force. The result was that by the 2008 deployment, the information was passed on by word of mouth so that ``some people knew about it and some people did not,'' he said during a Pentagon briefing June 5. Crews never encountered the problem at the bomber's home base of Whiteman Air Force Base, Mo. Earlier incident Earlier in the 2008 deployment, another B-2 had reached 70 knots in its takeoff roll when abnormal indications caused the pilot to abort. The aircraft taxied back to maintenance, the moisture was evaporated with pitot heat and the mission continued without incident. But on Feb. 23, calibration of the sensors was done without turning the sensor heaters on. The skewed information from three of the 24 air pressure sensors on the Spirit of Kansas fed distorted information into the flight control computer. When the aircraft reached 130 knots, the computer thought it was at the 140-knot takeoff speed and rotated for takeoff. The sensors also indicated the bomber was in a nose-down attitude so it commanded a rapid pitch up that reached 30-31 degrees before the pilots could correct and stop the climb at an altitude of about 80 feet. The effects of the low takeoff speed and high angle of attack caused the B-2's speed to deteriorate until the aircraft stalled and began a roll to the left, when its left wing tip struck the ground. At that point the pilots ejected (Aerospace DAILY, March 28). The aircraft's remains were boxed and will be sent to the U.S., where the cockpit, seats and hatches will be used for training. Additional information, including the crash investigators report and video, is posted on Air Combat Command's Web site at http://www.acc.af.mil/aibreports/ . http://www.aviationweek.com/aw/generic/story.jsp?id=3Dnews/B-2060608.xml&headline=3DForgotten%20Lesson%20Caused%20B-2%20Crash&channel=3Ddefense [Also noted by Gabe Goldberg. PGN] ------------------------------ Date: Fri, 6 Jun 2008 20:25:28 EDT From: MellorPeter_at_aol.com Subject: UK bank takes 9 months to combine computer systems The system in use by building societies* for some older types of account involves a 'pass book' to record transactions. With computer systems universally in use, the counter clerk no longer writes each transaction into the book by hand, but inserts the book into a printer. The system keeps track of which line on the page the previous transaction was printed on and prints the next transaction immediately below it. Over the last 6 months or so I have found that the transactions in my pass book are frequently overprinted on top of the previous transaction (or transactions, if I made more than one on the previous visit). When this happened again today (6th June) I asked the clerk why. My building society (the Abbey: now a bank) merged last September with a Spanish financial institution which forced a new computer system onto it. I noticed that there was frequent chaos at the time with the system being down or running slowly. According to the clerk, the overprinting is a related problem, and is due to there being effectively two systems working in parallel, since the roll-out of the new system is not yet complete (or the merger of the two computer systems is not complete). Which system you get depends on which branch you visit, so the system at the Stevenage branch 'remembers' the last transaction I made _in Stevenage_ and prints over any more recent transactions that I made at one of the branches in London, and vice versa! * I won't go into details about what a 'building society' is, for non-UK readers. Suffice it to say that they are rather like banks, and over the past few years, most of them have actually turned themselves into banks. Peter Mellor +44 (0)20 8459 7669 ------------------------------ Date: Wed, 4 Jun 2008 19:49:07 +1200 From: Donald Mackie Subject: Online registration for US visa waiver scheme from August 2008 The US has a visa waiver scheme for visitors from a number of countries (including NZ). Citizens of those countries do not need to apply for a visa to visit the US up to 90 days. They currently complete an I94 form on the plane and are admitted (after screening) with appropriate visitor stamp in their passports. A new scheme has been announced that will require prospective visitors to register online. The website will be online from August and the system will be compulsory from January. There is a fuss in the media here (http://www.nzherald.co.nz/section/1/story.cfm?c_id=1&objectid=10514241) over the requirement to register 72 hours before travel, a problem for people making urgent business or family visits. A spokesperson on the radio today said that there will be mechanisms to address those situations, which is fine. Only one commentator has so far expressed anxiety about the greater risk which is that of security around personal information submitted to such a site. The spokesperson also said that people will be able to update their travel details online, only increasing my concerns about security. Bear in mind that the current I94 includes DOB, passport number etc. Risks self evident. ------------------------------ Date: Sun, 8 Jun 2008 12:24:21 -0400 From: Monty Solomon Subject: The ID Divide Addressing the Challenges of Identification and Authentication in American Society By Peter Swire, Cassandra Q. Butts, Center for American Progress, 2 Jun 2008 How individuals identify themselves in our country grows more complex by the year. Just last month, 12 nuns were turned away from voting booths during the Indiana presidential primary because they lacked state identification (none of them drives), a stark reminder that the recent Supreme Court ruling that upheld Indiana's voter ID law poses lasting consequences to our democracy. And two years ago last month the personal identification data of 26.5 million veterans were lost from a government laptop, the latest in a series of data breaches that threaten the integrity of everyone's identification. Those 12 nuns are among 20 million other voting age citizens without driver's licenses, and they join those 26.5 million veterans and many millions of other Americans who suddenly find themselves on the wrong side of what we call the ID Divide-Americans who lack official identification, suffer from identity theft, are improperly placed on watch lists, or otherwise face burdens when asked for identification. The problems of these uncredentialed people are largely invisible to credentialed Americans, many of whom have a wallet full of proofs of identity. Yet those on the wrong side of the ID Divide are finding themselves squeezed out of many parts of daily life, including finding a job, opening a bank account, flying on an airplane, and even exercising the right to vote. ... http://www.americanprogress.org/issues/2008/06/id_divide.html Full report (pdf) http://www.americanprogress.org/issues/2008/06/pdf/id_divide.pdf Identification and Authentication Resources page http://www.americanprogress.org/issues/2008/06/id_resources.html ------------------------------ Date: Fri, 6 Jun 2008 23:13:42 -0400 From: Monty Solomon Subject: ISP Secretly Added Spy Code To Web Sessions: Ryan Singel Ryan Singel, *WiReD* blog, 5 Jun 2008 Leaked Report: ISP Secretly Added Spy Code To Web Sessions, Crashing Browsers An internal British Telecom report on a secret trial of an ISP eavesdropping and advertising technology found that the system crashed some unsuspecting users' browsers, and a small percentage of the 18,000 broadband customers under surveillance believed they'd been infected with adware. The January 2007 report (.pdf) -- published Thursday by the whistle blowing site Wikileaks -- demonstrates the hazards broadband customers face when an ISP tampers with raw Internet traffic for its own profit. The leak comes just weeks after U.S. broadband provider Charter Communications told users it would be testing a technology similar to what's described in the BT document. The report documents BT's partnership with U.K. ad company Phorm, which specializes in building profiles of ISP customers, then serving targeted ads on webpages the user visits. >From late September to early October 2006, British Telecom secretly partnered with Phorm to let the company monitor and track 18,000 of the BT's customers. Phorm installed boxes on BT's network that redirected web requests through their proxy server. Those boxes inserted JavaScript code into every web page downloaded by the users. That script then reported back to Phorm the contents of the web page, which Phorm used to create ad profiles of a user. Additionally, Phorm purchased advertising space on prominent web sites, showing a default ad for a charity. But when a user who had previously looked at car sites visited one of those pages, he instead got an advertisement for car insurance. The users were not informed they were being made guinea pigs for a new revenue system for BT and had no way to opt out of the system, according to the report. The JavaScript caused flickering problems for some users as the script reported back information about the content of the web page to a Phorm server. The script also crashed browsers that loaded a website that relied excessively on anchor tags. Additionally, the rogue JavaScript showed up unexpectedly in user's posts to some web forums. ... http://blog.wired.com/27bstroke6/2008/06/isp-spying-made.html ------------------------------ Date: Sat, 7 Jun 2008 10:26:09 EDT From: MellorPeter_at_aol.com Subject: Advice from HM Revenue & Customs on NI number fraud The following is a link to document NIM39140 - National Insurance Numbers (NINOs): Format and Security: What to do if you suspect or discover fraud. (For non-UK readers, the NI number is the UK equivalent of the US Social Security number.) I am sure that we all appreciate this sound advice from HMRC! :-) http://www.hmrc.gov.uk/manuals/nimmanual/NIM39140.htm ------------------------------ Date: Sun, 8 Jun 2008 10:03:37 PDT From: 'Peter G. Neumann' Subject: Stanford employees' data on stolen laptop Stanford University has notified tens of thousands of past and present employees that their personal information was on a university laptop that was stolen for people hired before 28 Sep 2007 -- possibly as many as 72,000. [Someday encrypting such data sets will become the default. PGN] ------------------------------ Date: Fri, 6 Jun 2008 00:57:29 +0100 From: David Hollman Subject: Sometimes the computer is right... Here's a case where social engineering defeated an apparently correctly working automated security system and allowed a burglary: 'An experienced jewelry thief may have hoodwinked the University of British Columbia's campus security by telling them to ignore security alarms on the night of last month's multi-million dollar heist at the Museum of Anthropology... Four hours before the break-in on May 23, two or three key surveillance cameras at the Museum of Anthropology mysteriously went off-line. Around the same time, a caller claiming to be from the alarm company phoned campus security, telling them there was a problem with the system and to ignore any alarms that might go off. Campus security fell for the ruse and ignored an automated computer alert sent to them, police sources told CBC News.' Full article: http://www.cbc.ca/arts/story/2008/06/04/bc-ubc-security-ruse.html ------------------------------ Date: Wed, 4 Jun 2008 14:39:11 -0400 (EDT) From: msb_at_vex.net (Mark Brader) Subject: 'She'll never fail to stop at a railroad crossing ever again' Posted by Jeff Rosen, 3 Jun 2008, http://www.subchat.com/read.asp?Id=627920 Correction: Due to incorrect information received from the Clerk of Courts Office, Diane K Merchant was incorrectly listed as being fined for prostitution in Wednesday's paper. The charge should have been failure to stop at a railroad crossing. The Public Opinion apologies for the error. I don't know what happened here, but it's got to involve a computer, hasn't it? [Well, it could have been a typo in the officer entering the description code. Or the officer could have been on the wrong track himself. PGN] ------------------------------ Date: Wed, 4 Jun 2008 09:03:17 -0400 From: Monty Solomon Subject: Experts Revive Debate Over Cellphones and Cancer Experts Revive Debate Over Cellphones and Cancer; What do brain surgeons know about cellphone safety that the rest of us don't? Tara Parker-Pope, *The New York Times*, 3 June 2008 Last week, three prominent neurosurgeons told the CNN interviewer Larry King that they did not hold cellphones next to their ears. 'I think the safe practice,' said Dr. Keith Black, a surgeon at Cedars-Sinai Medical Center in Los Angeles, 'is to use an earpiece so you keep the microwave antenna away from your brain.' Dr. Vini Khurana, an associate professor of neurosurgery at the Australian National University who is an outspoken critic of cellphones, said: 'I use it on the speaker-phone mode. I do not hold it to my ear.' And CNN's chief medical correspondent, Dr. Sanjay Gupta, a neurosurgeon at Emory University Hospital, said that like Dr. Black he used an earpiece. Along with Senator Edward M. Kennedy's recent diagnosis of a glioma, a type of tumor that critics have long associated with cellphone use, the doctors' remarks have helped reignite a long-simmering debate about cellphones and cancer. ... http://www.nytimes.com/2008/06/03/health/03well.html?partner=rssuserland&emc=rss&pagewanted=all ------------------------------ Date: Wed, 4 Jun 2008 11:33:19 +0100 From: Richard Gadsden Subject: Re: Risks in Instant Runoff Voting Peter G. Neumann* (RISKS-25.18) has missed the point of Arrow's Theorem by expressing it as identifying a problem with ranked preference systems. Arrow presumes that voters have a ranking of candidates; indeed the underlying assumption of Arrow is that voters' preference as between candidates is ordinal, not cardinal. [* Not really. The discussion of Arrow's Theorem should actually have been more clearly attributed to the review article by Peter Baker. PGN] Arrow's proof - that no election system can be simultaneously monotonic, deterministic, universal, unrestricted in domain and independent of irrelevant alternatives without being a dictatorship - applies not only to ranked preference systems, but to all elections without exception. Only by rejecting the assumption of ordinality of preference, or by rejecting one of criteria, can any voting system be established. Most real election systems - including simple plurality, instant runoff and conventional runoff - fail on the criterion of independence of irrelevant alternatives (IIA); that is, a (losing) candidate or candidates can be introduced into an election or removed from an election and that will change the winner. In many real-world elections, there is a 'Condorcet' winner, ie someone who is preferred by a majority of the electorate to every other candidate (it may be a different majority in each case). If there is such a winner, then electing them fulfills Arrow's theorem. The problem is that in some elections, preferences are circular (ie A>B, B>C and C>A, where > represents 'is preferred to' rather than the usual 'is greater than'). Where this occurs, no system can fulfill Arrow's criteria - either the system will elect someone who would lose in a simple majority two candidate election (which fails Arrow's dictatorship criterion) or IIA will be breached, as any proposed winner can be defeated by the withdrawal of one of his opponents. A key corollary of Arrow's theorem is that voters always have an incentive to be insincere in how they cast their votes. For example, in the 2000 US Presidential election, voters whose true preference was Nader>Gore>Bush had a strong incentive to insincerely vote for Gore. Similar arguments can be applied to all electoral systems - even ones that elect a Condorcet winner, as they must have a (by definition manipulable) tie-breaker when there are circular preferences, and voters could vote insincerely to create a circularity and then manipulate the tie-breaker. ------------------------------ Date: Sat, 7 Jun 2008 20:19:10 -0700 From: 'Paul Czyzewski' Subject: Re: Fire at The Planet takes down thousands of websites (R 25 18) < [Power was restored on 2 Jun. PGN] Actually, things didn't go that smoothly and, in fact, it appears that some users (those whose hard drives were damaged by the initial power failure) are *still* having problems. The Planet forum (http://forums.theplanet.com/index.php?showtopic=90185) contains about 80 messages from the Planet, sent over the past week, on the status of their outage. It includes such highlights of the sort 'now all the remaining servers are up on generators'. 'oops, the generator tripped its circut breakers, so those 3000 servers are down again.' 'We fixed the generator.' 'Oops, the fix to the generator didn't work and ....' you get the idea. I have no reason to doubt the competence of the Planet staff; it's not an easy problem to recover from. ------------------------------ Date: Wed, 4 Jun 2008 09:07:51 -0400 From: Steve Wildstrom Subject: Re: Whose Rules Does Your Media Center Play By? (RISKS-25.18) Bashing Microsoft is fun-I've done it often enough myself-but in this case, EFF is barking up the wrong tree. Assuming, arguendo, that this wasn't just a dumb mistake, the party at fault is NBC. As the Microsoft spokesperson said, the Media Center code merely implements what was, at the time the code was written, an FCC requirement. The later court rejection of the broadcast flag rules didn't require changing the code, it prohibited broadcasters from implementing the flag. NBC broadcast a program with the flag set, which it should not have done, and the Media Center responded exactly the way it was supposed to, and, for the record, exactly the way Microsoft has always said it would. Steve Wildstrom, BusinessWeek, 1200 G St NW, Suite 1100, Washington, DC 20005 Technology & You ------------------------------ Date: Sat, 7 Jun 2008 20:26:21 -0700 From: Paul Czyzewski Subject: Re: Beware of Error Messages At Bank Sites (Sherwood, R 25 18) This scam sounded vaguely familiar, and I found this article, The Failure of Two-Factor Authentication, which was written by Bruce 'Nostradamus' Schneier three years ago. http://www.schneier.com/blog/archives/2005/03/the_failure_of.html Besides the bank scam, Bruce discusses the inherent flaws in two-factor authentication, generally. ------------------------------ Date: Wed, 04 Jun 2008 11:43:02 -0700 From: Henry Baker Subject: Re: An iTunes ... problem Apple will never fix (McDonald, R-25.18) Alistair, This iTunes file retention bug happens to me all the time. When audio podcasts are deleted in iTunes, the underlying file is deleted. However, when video podcasts are deleted in iTunes, the underlying file isn't deleted -- there's no error message or anything. I've gotten to playing video podcasts directly from the underlying file system & deleting the files behind iTunes's back, just to make sure that the file really gets deleted. Since video files are typically much larger than audio files, the inadvertent retention of video files can quickly fill up your disk. I haven't tried this on Mac iTunes, but I suspect that the same thing happens there, so I don't think this is an OS-specific bug. I've given up reporting bugs to large corporations, because they don't even bother to acknowledge the email. They're too busy putting in additional misfeatures to have time to fix the ones they already have. ------------------------------ Date: Wed, 4 Jun 2008 19:06:37 -0700 From: Max Power Subject: Re: An iTunes ... problem Apple will never fix (McDonald, R-25.18) I ASSURE YOU THAT THE iTunes 'disk usage' bug IS REAL. NOTE * iTunes (across all OSes it runs on) offers [or has access to] a built in update program [offers: Win; access: OSX] * Most people use that update program most of the time. Most people have the current version of iTunes * Apple has no obvious way to submit bugs for the software it writes. There may be ways, but I don't know what they are. * I am a telecommunications consultant: if I can't find a way to submit iTunes bugs to Apple, it is probable no one can. * UNLESS there is an outstanding telecommunications issue that makes updating Apple software more difficult or impossible [like the user living on Pitcairn, with a 56kbs link] it would reason that 90% of iTunes users are up to date. * It is impossible [or not highly likely] for this disk usage problem to affect older versions of iTunes. * I don't know where this bug originated in the iTunes version tree. Known or Suspected 'problem areas' Operating systems affected: ALL (Windows family 100%, OSX assumed 100% pending proof) TCP / IP version issues: NONE that I know of, this is a File System issue (?) not an IP issue User Interfaces affected: ALL CURRENT iTunes Versions affected [addendum] * It is probable that all versions since the introduction of Podcasts and Vodcasts are affected by this FS or UI problem. * I don't know where to find an adequately detailed Apple iTunes version tree, iTunes is not Winamp. * This lack of traceability makes it extremely difficult to track down where this disk space issue started, much less submit a bug report. Will Apple ever fix the problem? Since the transmission of my original 'Comp.Risks' submission I have not received a single e-mail or postal letter from Apple [asking me for clarifications of the iTunes disk usage problem]. My suspecting that Apple may never fix this is based on a total lack of contact from Apple. It would be nice if Apple would toss one of their mini PCs my way for my BOINC distributed computing project [for uncovering such a fundamental software design flaw] ... but Apple is an American corporation so I don't see this ever happening. As corrupt as Microsoft is [as a corporation] and as vast as its' labyrinthine bureaucracy is ... Microsoft is more responsive to bug reports. Where is the program problem finding itself? Is this a User Interface (UI) bug and not a File System (FS) usage tracking bug? I don't know. I believe it is clearly a UI problem, but it may be a side effect of the way that iTunes interacts with the host OS file systems. Further use at my end implies it is a Vodcast problem, at least on my hardware and software platform. Podcasts seem to delete cleanly and their existence seems to be reported correctly, but I have not experimented with 20 gb+ of MP3 podcasts with this software to see if the same phenomena is at work. MORAL: No matter what * You should not be able to 'delete all Vodcasts' (when disk use = 99%) and not have the podcasts continue to reside on your HD eating up space. * There should only be mechanisms for moving or deleting podcasts on a PC's file system for programs like iTunes. * RSS feed displays (be they Podcasts or Vodcasts) need to have a 1 to 1 correspondence with the files represented on the drive. * Programs that use [and manage] a lot of disk space need to be truthful about how the disk space is being used to the user. * All high profile programs need to have a clearing house for submitting bugs. I am still working on figuring out the extent of the bug, but I don't expect it to be fixed before 2009 or 2010. Max Power, CEO, Power Broadcasting http://HireMe.geek.nz/ Adelade / Wellington / Vancouver / Seattle "

Experimental Drug Makes the Immune System Revolt Against Cancer: "A biotech company announces its experimental drug is producing impressive results in seven Non-Hodgkin's Lymphoma patients. All of them have had at least three conventional treatments fail them, but they show signs of recovery after receiving doses of a two-headed antibody."

Well, not yet anyway

The Home Affairs Committee has called on the government to follow a 'minimum data, held for the minumum time' approach to British citizens' personal information in its long-awaited report into surveillance.…

Friday, 6 June 2008

.....not much there that's of any real use, for sure. But if you're dying to try the new features but your Gmail account hasn't yet been enabled, follow this procedure: copy and paste https://mail.google.com/mail/?labs=1#settings into your address box when you're logged into Gmail to enable it manually. Once you do, you'll have access to the new Quick Links, Superstars, Custom keyboard shortcuts, and yes, even Snakey.